CVE-2018-8972

Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.
References
Link Resource
https://github.com/CREDITWEST/CWCMS/issues/1 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:creditwestbank:cwcms:*:*:*:*:*:*:*:*

Information

Published : 2018-03-24 10:29

Updated : 2018-04-24 04:39


NVD link : CVE-2018-8972

Mitre link : CVE-2018-8972

Products Affected
No products.
CWE